ID

VAR-202108-0275


CVE

CVE-2021-22295


TITLE

HarmonyOS Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009621

DESCRIPTION

A component of HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. HarmonyOS is vulnerable to incorrect default permissions. It may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2021-22295 // JVNDB: JVNDB-2021-009621 // VULHUB: VHN-380730 // VULMON: CVE-2021-22295

AFFECTED PRODUCTS

vendor: huawei, model: harmonyos, scope: eq, version: 2.0

Trust: 1.0

vendor: huawei, model: harmonyos, scope: eq, version: -

Trust: 0.8

vendor: huawei, model: harmonyos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009621 // NVD: CVE-2021-22295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22295
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22295
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-655
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380730
value: LOW

Trust: 0.1

VULMON: CVE-2021-22295
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-22295
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380730
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22295
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22295
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380730 // VULMON: CVE-2021-22295 // JVNDB: JVNDB-2021-009621 // CNNVD: CNNVD-202108-655 // NVD: CVE-2021-22295

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype: Inappropriate default permissions (CWE-276) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-380730 // JVNDB: JVNDB-2021-009621 // NVD: CVE-2021-22295

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-655

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-655

PATCH

title: Top Page, url: https://device.harmonyos.com/

Trust: 0.8

title: HarmonyOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158952

Trust: 0.6

sources: JVNDB: JVNDB-2021-009621 // CNNVD: CNNVD-202108-655

EXTERNAL IDS

db: NVD, id: CVE-2021-22295

Trust: 3.4

db: JVNDB, id: JVNDB-2021-009621

Trust: 0.8

db: CNNVD, id: CNNVD-202108-655

Trust: 0.6

db: VULHUB, id: VHN-380730

Trust: 0.1

db: VULMON, id: CVE-2021-22295

Trust: 0.1

sources: VULHUB: VHN-380730 // VULMON: CVE-2021-22295 // JVNDB: JVNDB-2021-009621 // CNNVD: CNNVD-202108-655 // NVD: CVE-2021-22295

REFERENCES

url:https://device.harmonyos.com/cn/console/safetydetail?id=9145efa5d9064d94a7fc3968b6054d83&pagesize=10&pageindex=1

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22295

Trust: 1.4

url:https://device.harmonyos.com/cn/console/safetydetail?id=9145efa5d9064d94a7fc3968b6054d83&pagesize=10&pageindex=1

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380730 // VULMON: CVE-2021-22295 // JVNDB: JVNDB-2021-009621 // CNNVD: CNNVD-202108-655 // NVD: CVE-2021-22295

SOURCES

db: VULHUB, id: VHN-380730
db: VULMON, id: CVE-2021-22295
db: JVNDB, id: JVNDB-2021-009621
db: CNNVD, id: CNNVD-202108-655
db: NVD, id: CVE-2021-22295

LAST UPDATE DATE

2024-08-14T15:06:46.743000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-380730, date: 2021-08-13T00:00:00
db: VULMON, id: CVE-2021-22295, date: 2021-08-13T00:00:00
db: JVNDB, id: JVNDB-2021-009621, date: 2022-05-13T08:37:00
db: CNNVD, id: CNNVD-202108-655, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-22295, date: 2021-08-13T12:42:34.613

SOURCES RELEASE DATE

db: VULHUB, id: VHN-380730, date: 2021-08-06T00:00:00
db: VULMON, id: CVE-2021-22295, date: 2021-08-06T00:00:00
db: JVNDB, id: JVNDB-2021-009621, date: 2022-05-13T00:00:00
db: CNNVD, id: CNNVD-202108-655, date: 2021-08-06T00:00:00
db: NVD, id: CVE-2021-22295, date: 2021-08-06T13:15:07.247